Greyhole
Greyhole copied to clipboard
gboudreau
POSIX ACLs not kept in sync across greyhole directories
Disclaimer
While POSIX ACLs are related to security, the issue being reported only has to do with the internally stored backup file copies in the greyhole directories. This issue has no impact on network security (i.e. how the server interacts with other devices on the network).
Background
POSIX ACLs control the access to files and directories in Unix systems by allowing for individual files and directories to have multiple users and multiple groups each have their own read/write/execute permissions. Samba maps POSIX ACLs to Windows ACLs so that the owner of a file or directory can control who else has access to it.
Issue
When the POSIX ACLs on a file are changed through a Samba share (ex: user in Windows selects a file, r-click->Properties->Security->Edit, and then removes someone), the symlink in the Landing Zone and the file it points to appropriately gets its POSIX ACL updated. However, the other greyhole copies of the file or directory don't get updated.
Impact to User
If it becomes necessary to restore files from one of the other greyhole directories (ex: the main greyhole drive failed), it could be extremely time consuming to manually set all the ACLs back to what they are supposed to be. This assumes that the person restoring the system even knows what the original ACLs are.
Temporary Work Arounds
The system administrator can make periodic backups of the ACLs by executing
sudo getfacl -R -e <path_to_landing_zone> > backup.acl
Example
After 'baduser' was removed from having permission to access ExampleFile.txt, here is what getfacl shows for the file in the Landing Zone, on HDD1, and HDD2. Notice that baduser still has access to the file on HDD2.
$ sudo getfacl /data/hdd1/landing-zone/Share/Folder/ExampleFile.txt
getfacl: Removing leading '/' from absolute path names
# file: data/hdd1/landing-zone/Share/Folder/ExampleFile.txt
# owner: gooduser
# group: gooduser_group
user::rwx
user:gooduser:rwx
group::rwx
group:gooduser_group:rwx
mask::rwx
other::---
$ sudo getfacl /data/hdd1/gh/Share/Folder/ExampleFile.txt
getfacl: Removing leading '/' from absolute path names
# file: data/hdd1/gh/Share/Folder/ExampleFile.txt
# owner: gooduser
# group: gooduser_group
user::rwx
user:gooduser:rwx
group::rwx
group:gooduser_group:rwx
mask::rwx
other::---
$ sudo getfacl /data/hdd2/gh/Share/Folder/ExampleFile.txt
getfacl: Removing leading '/' from absolute path names
# file: data/hdd2/gh/Share/Folder/ExampleFile.txt
# owner: gooduser
# group: gooduser_group
user::rwx
user:gooduser:rwx
user:baduser:rwx
group::rwx
mask::rwx
other::---
Expected work
Guillaume has said that this will require updates to the following:
- Update the Greyhole VFS module for Samba to catch ACL changes. This assumes the Samba VFS would allows this (note: the existing VFS modules of acl_xattr and acl_tdb seem to indicate this is possible).
- Log the notifications to the spool
- Read the spool and insert the notifications into MySQL
- Execute them once the daemon gets them from MySQL. A cheap way to do this on some Unix platforms would be to execute "getfacl source_file > acl.txt" and then "setfacl --restore=acl.txt dest_file"
